Print

[BenJeremy]

QUOTE(HotKnife420 @ Sep 6 2009, 03:25 PM)

I think it's more likely that they were bad rips than MS infringing on their developer's copyrights and dilliberately distributing their intellectual property via unsecured and less-trackable (in terms of monitoring sales) means. I'm also not so sure that review copies are made to only work on dev kits; can you prove how this is true?

 IOW, they'd be pissing off their devs, as well as breaking several laws by doing so. It *is* possible, however, that someone who worked at MS and had access to the stuff did the signing and uploading, but they should be easy enough to narrow down and be fired, so hard to say.
 FYI, LIVE is also filled with babies that get really pissed off when you're better than them. I've received bad feedback several times because I was doing "too good" at Gears or whatever. If enough people jump on you and complain, you'll get a temp ban whether they're telling the same lie or not (which is one of the reasons I think it's not a good idea to post your gamertag on forums).

The "bad" releases last year were definitely NOT retail builds, but developer builds, and developer builds NEVER get signed with Microsoft's private key.

The fact that obvious dev builds SOMEHOW managed to acquire a legitimate signature points to exactly one thing: Microsoft was involved, and it was an enforcement action.

Developers do NOT have access to the private key used to sign games for retail consoles, and any games or demos Microsoft signs goes through rigorous security measures from delivered content media to retail master. This is why there is only one Demo disc given with magazines... from "Official" Xbox Magazine, same deal - they prep the master content disc, Microsoft signs it and generates an Xbox 360 "Secure" DVD-ROM image to be stamped in a factory with the special equipment to create discs with the proper security features.

I explained this countless times last year, and for whatever reason, the logic seems to escape people here.

If you don't know who I am, then you haven't been in the scene long enough to even argue with me.

If you do know who I am, you'd understand that I have a pretty good idea of what is going on behind the scenes, and that I was a big part of the homebrew scene for the original Xbox.

To specifically answer your questions (as I did last time):

On pissing off the devs by distributing their game: Do you know of a single game released for the Xbox or Xbox 360 that hasn't been "scene released" on the game's release date - give or take a week? The "Devs" know their game will be pirated. Not only were the dev copies EASILY trackable, they resulted in a massive ban wave, and a huge database of consoles to ban randomly well into the future. The games were also incomplete, and served more as extended demos than complete games. It's not a hard sell to a developer to say "let's release an incomplete, less-than-perfect version of your game to track the pirates, ban them, and scare the other 90% of the pirates into buying your game legitimately." The simple fact is that those "bad rips" got distributed far less than their "retail-derived" release counterparts, and most copies ended up in trash bins. Any dev with half a brain can see there was a definite benefit to be had by working with Microsoft copyright enforcement on the case.

As for the review consoles: Like I said, some reviewers get spiffy "review/test consoles". These are Xbox 360 consoles that run unsigned code for test builds. You can probably buy one right now, for enough money, but they are mostly first-gen and very rare. Big magazines get them, and the PR guys have a slew of them for trade shows. Big dev houses get the majority, used by in-house game testers. Most reviewers have to wait until the game gets RTM'd or they get previewed in the dev's facilities. If reviewers regularly got retail-signed, security feature-stamped DVD-ROMs to review early copies, we'd have seen them from the beginning.

Let me restate this: The ISO images were media flagged only for manufactured, stamped, complete-with-security-features, Xbox 360 DVD-ROM discs. Do you have any clue what the cost is to make a limited run of these discs? Do you honestly think Microsoft would spend thousands of dollars signing and mastering a disc (yes, it costs them at least 4 figures, probably 5, just to get the IMAGE to master) and another $10 to 20 THOUSAND just to make a limited production run of DEV BUILDS to release to reviewers who are so pissant low on the PR totem pole that they don't even rate a review/test console?

The probability that this was anything but a ploy (and a very clever one) by Microsoft and the developers of those games to swat some pirates, take plenty of notes (leaving room for plenty of surprises in the long term) and scare the ever-loving crap out of a vast majority who were going to pirate the game already and get them to buy the game, approaches ZERO.

[kgn340]

duuuuuuuude.

wow.   like, total wow.

i think its time to write the made-for-tv movie.
(we'll get http://www.imdb.com/name/nm0001173/to play the role of bill gates and http://www.imdb.com/name/nm0001688/ for major nelson   ).

[leo5150]

it shows microsoft is just about at the end of the line as far as what can be detected, last year when the last marked game ban wave hit, no one got hit but the people who downloaded the marked builds, i know 3 differnt modders and they said the only people who were calling saying they got banned were the people who downloaded the marked copys, none of their customers who ripped their own game got hit  

[SovietSlayer]

QUOTE(swg1251 @ Sep 4 2009, 09:10 PM)

 don't just mean 360 games either, I mean torrents in general.... how come no one ever gets caught?

i;ve got caught. My isp shut down my internet and i had to call them up. Then they even told me what i was reported of downloading. I ended up just saying my neighbor stole my wifi and they reactivated my internet. But ever since then i am scared to use bittorrent.

[ssj4android]

http://forums.xbox.com/28932182/ShowPost.aspx
I'm not sure how much weight that holds.

[HotKnife420]

QUOTE(BenJeremy @ Sep 7 2009, 05:28 AM)

*snip for space*

 Ok, I'm with you on most of that, but a few things I'm still pondering:

A) Cost - I believe your figures are outdated/wrong for manufacturing costs. I can goto Disc Makers and get 1,000 replicated DVDs for under $1/ea (no additional costs except shipping). I don't see what's stopping MS (or more likely, a developer wanting an earlier/better review) from spending a couple thousand bucks for something like that.

2) Your arguement about pissing off the devs makes a valid point - it's gonna get uploaded anyway, so why not upload a "trojan ban magnet"?  
 

• Because pirates are more interested in getting the game free/bootleg than paying another $200 for a new console, $60 for the game, and them XBL membership frees
• The 'scene' is going to 'proper' it anyway, so you're not stopping piracy, you're just increasing your own unit sales to help make the installed base look larger than it is....to the developers!
• Just because these versions were identical to a dev build doesn't mean the dev didn't have it signed and pressed to send to some mags/reviewers. Within your "conspiracy theory" it seems plausible that reviewers are even encouraged to flash their drives and are sent their "review copies" on a burned disc (short runs - cheaper cost), and those particular ones were leaked.

d) The bigger "ban games" (according to a few threads on these and other forums at the time) were two other "major" games. To clarify - retail versions, two differeint "groups", and one got people banned and reason seems to be that it was a bad rip (go figure)

[drkoolbeanz]

So let's get this straight. It's possible for a $199 360 to read m$ *signed* code, copy the entire thing to a say, 2002 pentium 4 pc, and be burned with a ma and pop dvd-burner... but the multi-billion dollar corporation that's m$ can't do shit without spending $xx,xxx.

Logic is failing how someone couldn't have leaked this...

[bobbler]

QUOTE(Alec @ Sep 7 2009, 01:16 AM)

My apologies, but what you're saying is not true.

bobbler: Go to billing.microsoft.com and edit your personal information. Under Company Name...what does it say?

Oh nice spot:
Company name:   ACCOUNT IS PERMABANNED

Ah well

[TheTerminator]

QUOTE(ssj4android @ Sep 7 2009, 02:33 AM)

http://forums.xbox.c...2/ShowPost.aspx
I'm not sure how much weight that holds.

Haha, this is sooo stupid. You can see all the games that he's playing haven't been released yet.

[linflas]

QUOTE(BenJeremy @ Sep 7 2009, 05:28 AM)

Developers do NOT have access to the private key used to sign games for retail consoles, and any games or demos Microsoft signs goes through rigorous security measures from delivered content media to retail master. This is why there is only one Demo disc given with magazines... from "Official" Xbox Magazine, same deal - they prep the master content disc, Microsoft signs it and generates an Xbox 360 "Secure" DVD-ROM image to be stamped in a factory with the special equipment to create discs with the proper security features.

I am actually quite impressed, a lucid fluent answer with rationale and support.

Not something seen here often, thanks for the nice read.  

Although it seems to me that it was all intuitive, and people should have known better.

Thanks again for the great post.

[BenJeremy]

QUOTE(HotKnife420 @ Sep 7 2009, 02:56 AM)

Ok, I'm with you on most of that, but a few things I'm still pondering:

A) Cost - I believe your figures are outdated/wrong for manufacturing costs. I can goto Disc Makers and get 1,000 replicated DVDs for under $1/ea (no additional costs except shipping). I don't see what's stopping MS (or more likely, a developer wanting an earlier/better review) from spending a couple thousand bucks for something like that.

It costs a lot more to bring an Xbox 360 game disc to production. I didn't go into detail, but just to get an image signed, you are talking about considerable engineering time... these are high level people in Redmond, not offshore resources in India... it may seem stupid that it would "cost" a couple of engineers a day or two to sign an image, but there is more involved, including generating the "master image" and testing.... because... it then costs additional money to master a disc. This isn't a quick and easy "bake it and ship it" duplication operation. Every Xbox 360 game disc has special security features stamped into it. This doesn't come as cheap as a simple DVD-ROM. They are made in a particular factory, tightly controlled by Microsoft for security and quality control reasons. Just the cost of pressing an individual disc is more expensive, AFTER the initial mastering costs are figured in.

You comparison is about as valid as me comparing printing a PDF of a magazine, to what it costs to bring a limited run of that magazine off of a printing press. There are considerable "up front" costs involved before a single disc gets pressed - and that costs is usually absorbed by pressing thousands of discs. The cvost, per disc, goes up DRASTICALLY, as the numbers go down. The up front costs are several orders of magnitude higher for stamping a security-features-laden game disc, even forgetting quality and security issues.

For many reasons, only a handful (and I literally mean that you can count them on your fingers) of trusted reviewers ever get "alone time" with dev builds. Most previews are conducted in house with supervision by developers to explain bugs and shortcomings away so what should be a nice exercise in PR work doesn't turn into a disaster in the press. **IF** Microsoft or a publisher wanted to ship out a preview edition, it would only be in quantities of less than 10, at most, to a very, very selective audience.

Economically, it would make more sense to ship unsigned preview copies burned onto DVD-R and accompany them with review/test consoles, considering the limited number of reviewers that would actually be given an advance, incomplete build of a game.

It's about the scales of the economy of game disc production. It's just not worthwhile to ship a signed, stamped dev build. It never will be, even if it was ever deemed OK to ship untrusted reviewers a dev build to begin with.

QUOTE

2) Your arguement about pissing off the devs makes a valid point - it's gonna get uploaded anyway, so why not upload a "trojan ban magnet"?  
 

• Because pirates are more interested in getting the game free/bootleg than paying another $200 for a new console, $60 for the game, and them XBL membership frees
• The 'scene' is going to 'proper' it anyway, so you're not stopping piracy, you're just increasing your own unit sales to help make the installed base look larger than it is....to the developers!
• Just because these versions were identical to a dev build doesn't mean the dev didn't have it signed and pressed to send to some mags/reviewers. Within your "conspiracy theory" it seems plausible that reviewers are even encouraged to flash their drives and are sent their "review copies" on a burned disc (short runs - cheaper cost), and those particular ones were leaked.

Please, put down the bong and re-read what you've just posted, then re-read what I posted.

A dev build on a burned disc is easy enough to do. It's either unsigned (and no threat to release on the internet, since it's useless on retail consoles) or if you sign it - it's going to have to have the media flag set to "DVD-R" media, which the two releases last year did not have. If you released a signed game media flagged for DVD-R, it would be all over the net in a heart beat, but more importantly, it would be HUGE news - remember the kiosk demo disc? That will NEVER happen again. Unsigned code is worthless to people with hacked consoles.... the game will simply not run unless you have an exploitable, chipped Xenon (which isn't terribly useful for new games or Live play). I already outlined the reasons why you'll NEVER see a dev build on a stamped Xbox 360 game disc (though we saw the images). Reviewers are not supposed to have hacked consoles, either, so no... sending a signed DVD-R to be used on a hacked console is not going to happen, either.

As for "proper" releases - how many people trusted them? Honestly, the pirate community isn't as large as the industry makes it out to be, and Microsoft knows this, or enforcement would wind up the scene community so tight they'd all move over to the Wii and give up on the Xbox 360. They do the bans about once a year, calculated to strike a bit of FUD into the scene. Databases of offenders are built, bans randomly distributed (some get off) to throw off efforts to track the cause. Because of that FUD, when something like Halo ODST comes along, and people start getting banned, and Major Nelson drops vague hinst that they "know" how to tell copies from originals (it's complete BS, they certainly know who's playing a LEAKED copy, though), people freak out and decide, at least for now, to go legit.

This latest antic only strengthens the case - they've moved on to perma-banning accounts. It's the next step in enforcement EXACTLY BECAUSE pirates sell those banned consoles on eBay and get new ones. This increases the FUD and reins in those people who don't want to risk their accounts just to play a AAA game a few weeks early. Spreading the idea that now (after 3 or 4 years??!) that they have a foolproof way to tell copies from originals (a ridiculously untrue statement) will make quite a few converts.

How many pirates are going to touch Halo ODST until after it's released now? I am willing to be a lot of them are willing to pay the money to buy the game when it comes out, rather than risk their Live accounts (or have mom and dad buy the game, rather than risk telling dad that he can't watch netflix because they got the family Live account permabanned)... or even just to play the game ASAP, instead of waiting for a "proper" they feel they can trust. Given the bad rips that have made it to the scene, I don't think there is a single release group that can claim to be foolproof, either.

QUOTE

d) The bigger "ban games" (according to a few threads on these and other forums at the time) were two other "major" games. To clarify - retail versions, two differeint "groups", and one got people banned and reason seems to be that it was a bad rip (go figure)

There certainly are bad rips. What does that have to do with what were OBVIOUSLY not retail builds of games? Bad rips can be detected, and Microsoft will continue probing the edges of the firmware hacks to see how they can, without netting innocents, find people using backups and punish them. It's a war, and wars are won and lost on information and disinformation, especially this one. Somebody finds an exploit, they hold that card close to the vest until they actually need it.... because once it's revealed, Microsoft will respond and close it. When methods are developed to determine somebody is running hacked firmware, Microsoft will figure out ways to inject the check into their consoles in ways that make it hard for hackers to spot and counteract.

[BenJeremy]

QUOTE(drkoolbeanz @ Sep 7 2009, 06:52 AM)

So let's get this straight. It's possible for a $199 360 to read m$ *signed* code, copy the entire thing to a say, 2002 pentium 4 pc, and be burned with a ma and pop dvd-burner... but the multi-billion dollar corporation that's m$ can't do shit without spending $xx,xxx.

Logic is failing how someone couldn't have leaked this...

Logic only applies when you have the facts and understand what is going on, which you clearly do not.

Reviewers don't use hacked consoles, but supposing they did, they'd still need SIGNED CODE. This is Xbox hacking 101 stuff. The original Xbox was peeled open by removing the requirement for unsigned code (the check was disabled in the BIOS). For the Xbox 360, outside of some exploitable systems or some expensive hardware, hacking was limited to modifying the firmware of the console's optical drive firmware so that a DVD-R could look, as far as the console could tell, like a "game disc" - which has security features stamped into it. The backup image incorporates information critical to reporting the proper responses to security challenges by the console.

The reason we don't see cheap pirate versions of games for sale out of car boots (trunks for us 'mericans) is because those security features are expensive to recreate, and require some specialized equipment. Harvy the Wonder Duplicator can make short runs of DVD-ROMs for any bozo... but he can't press Xbox 360 game discs. It is simply impossible for him to manufacture a disc that incorporates the security features queried by the console's optical drive.

When a disc is signed, part of what gets signed is the media flag. The media flag is what tells the console where the game can be run from... Game disc, DVD-ROM, DVD-R, flash, hard drive... those are flags in the game's executable header, and part of what is actually "signed". The signature is generated by a private key, and confirmed by a public key. It is quite large. Nobody ever figured out the original Xbox private key, after what? 8 years? If the signature is not legit (say, you tried to change the media flag to allow games to run from DVD-R), the game will not run on an Xbox 360.

The private signature key is protected by security that would impress the people that run Fort Knox and probably make Michael Bay's wildest imaginings pale in comparison. I doubt there is a network line running into the room (vault, more likely) holding the PC with the private key, and you probably aren't allowed to bring anything on your person - not a cell phone, USB keydrive, nothing into the room, except a disc for the media and a disc to save the master image to. Let's just say it isn't going to leak anytime soon, and access is very strictly controlled. Approval to sign anything is likely going to require several levels of upper management and possibly at least one pass through a review board. The code is scrutinized, media flags examined, and business cases must be presented. It is not a trivial process.

Just to get the media SIGNED is a big deal. It's an expensive deal. People do not work for free. Engineering time costs money. Management time costs money. Security time costs money. Things are scheduled. Preparations are made. Without spending a penny in materials, thousands are being spent in man hours. Got it? I understand that might have slipped your mind, but that's why you don't run a major corporation, nor will you ever even be a project manager at one. Time is money. Resources are money. Did I mention money?

Once generated, the image has to be mastered. There is a base cost involved... and as I explained before, it is several orders of magnitude more expensive than mastering a "plain old" DVD-ROM. The leakers can skip this - because reviewers are NOT the target for this product. Pirates are. No reviewer will touch that dev build. It will feature enough unique information that will never be a part of a retail or any other dev build. It only needs to logs a unique ID to work - one entered in as part of the build process, never to be used again. Assuming they were going to master the disc for stamping, the costs again are quite large, and even compared to Harvey the Wonder Duplicator's el cheapo $1 per disc cost for a run of 1000 DVD-ROMs, Microsoft's duplicators have higher costs from the outset... AFTER the expensive master disc creation, they still have a higher standard of quality control, the materials are more expensive, they pay their people more, and there are limited stamping machines that can handle the security features (I think I mentioned that requires specialized equipment, right? Expensive specialized equipment) which might mean halting production of some other game to stamp a limited run. The setup time costs money, the process takes money -  look at that... more talk of money.

Do you remember where I mentioned that Microsoft doesn't expect a reviewer to have a hacked console? If anything, they expect them to have a review/test console, which doesn't require all that expensive stuff above I just mentioned - the code does not require signing, only a media flag set for DVD-R. Devs can skip petitioning Microsoft to sign an incomplete dev build if they really want to send out a dev build to reviewers, but again... as I mentioned above, that is EXTREMELY RARE, because little good comes from letting a press flack sit down with an unfinished game unless you really, really trust them. This is why developers have three guys standing around consoles offering up a preview version of a game at events like E3 or CES, keeping an eye on players and more importantly, on when their game messes up.

Oh, and about those unsigned dev builds media flagged for DVD-R? No problem for the devs... even if an image leaked, who can use it? Your retail console can't run unsigned code. Best security in the world, so why even RISK leaking an advanced copy of the game by having it signed? There's only one reason I can think of to justify signing that dev build... and it has nothing to do with reviewers.

[red_ring_of_box]

+100 for the best answer yet to this leak  

[ssj4android]

QUOTE(Intersect @ Sep 4 2009, 02:08 PM)

Their ap2.0 disc security is basically dvd-cops. The kernel and hypervisor code verifies the response after each challenge instead of verifying an entire sequence. The issue with that being if you do a single type 5 or 7 timing challenge, the position at which it starts reading is going to be the same, so your response is going to be pretty close to the same, so a stored response passes. Since the security sectors are aligned across the disc, they could issue challenges in sequences without verifying after each, but an entire sequence. Since the security sectors are aligned, and the drive doesn't read in both directions, there would be a sector skew. Hacked firmware or not, you would need to store every possible sequence, per game, and have a magical firmware that knows the sequence being issued to it in advance.

 That's where ap2.5 comes in. The general consensus on that is if they do implement ap2.5 properly, it would be close to impossible to beat. Since they store the ap2.5 table in a file encrypted with your cpu key in the nand, you would have to dump every file and decrypt to be sure that yours is the same as any other one. If you mess this up once, you can be flagged for ban, as well as if you mess with this table.

 Ps. Serves you right heh

So what happens when this is done on one of the current hacked firmwares? A detectable bad response?
I'd be curious as to if they're doing that with these pre-release games.

[fahrenheit]

Fascinating topic.
I'm still having trouble deciphering theory from fact though.

Is it just an educated guess at this point that the leak couldn't be a ripping accident created by a member of the public who had access to THE legitimate retail build?
I'm sure post-release there will be plenty of people doing A/B comparisons to see what the differences are, but at this point, I'm not clear on whether its something that only MS themselves could have orchestrated, or just a hapless ripper who was so keen to be first to upload that he screwed up??

If this is an MS tactic (which seems fairly reasonable to me), don't they risk giving Live griefers alot of lead-time to come up with cheats and glitches that they could then use to disrupt matches from day 1?
On one hand, they get to sweep alot of pirates off the street prior to launch, but then they also end up giving early access to those who would want to subvert the Live service. Seems like a no-win situation from MS' point of view. Difficult thing to balance I imagine.